Wiggle investigating possible hack

Rua_ri

https://www.infosecurity-magazine.com/news/wiggle-investigates-cyberattack

Check your emails or details in case it has happened to you.

cletus

Rua_ri wrote: »

https://www.infosecurity-magazine.com/news/wiggle-investigates-cyberattack

Check your emails or details in case it has happened to you.

I got stung yesterday for about €150. Wiggle on to me today, so fingers crossed

Rua_ri

cletus wrote: »

I got stung yesterday for about €150. Wiggle on to me today, so fingers crossed

Sorry to hear that.
At least they were on to you.
Others are reporting that they delayed in contacting them.

Hopefully you will get it sorted.

cletus

Rua_ri wrote: »

Sorry to hear that.
At least they were on to you.
Others are reporting that they delayed in contacting them.

Hopefully you will get it sorted.

Well, it happened yesterday morning at about 8.30 am. I contacted Wiggle immediately, but didn't get a response till today at 3. They have no customer service number, and email turnaround times are listed at 24-48 hours. Not too happy about that really, especially if each correspondence is going to take 24 hours to be returned

cletus

cletus wrote: »

Well, it happened yesterday morning at about 8.30 am. I contacted Wiggle immediately, but didn't get a response till today at 3. They have no customer service number, and email turnaround times are listed at 24-48 hours. Not too happy about that really, especially if each correspondence is going to take 24 hours to be returned

Just an update here, in case anyone else is in the same position. My account was hacked on Monday, and I contacted Wiggle immediately.

They were in contact with me at about 1pm yesterday looking for three pieces of verifiable info.

Money was back in my account at approx 1.30pm today

Flaccus

Is this hack only on the wiggle site or is chainreaction also affected ? hope it's not crc as I created multiple accounts there to avail of the 10 euro off for new customers.

cletus

Flaccus wrote: »

Is this hack only on the wiggle site or is chainreaction also affected ? hope it's not crc as I created multiple accounts there to avail of the 10 euro off for new customers.

References in the article seem to only refer to Wiggle

Cee-Jay-Cee

cletus wrote: »

Just an update here, in case anyone else is in the same position. My account was hacked on Monday, and I contacted Wiggle immediately.

They were in contact with me at about 1pm yesterday looking for three pieces of verifiable info.

Money was back in my account at approx 1.30pm today

Did you have your credit/debit card details saved on the website or how did the hackers manage to take money from your account?

cletus

Cee-Jay-Cee wrote: »

Did you have your credit/debit card details saved on the website or how did the hackers manage to take money from your account?

I had my Revolut card details saved on Google pay, or whatever it's called. They accessed my account, changed the email address associated with it, then changed the password. This meant that I couldn't do a forgot my password thing, as the email to reset was sent to the new email address.

Then they just bought with the card until it was declined. I had €150ish on the card.

It took wiggle 24 hours to respond, and another 24 hours to rectify, so even though I have my money back, the products are likely shipped.

I was lucky, because Revolut email me every time I make a transaction. If it was my normal debit card, it could have taken a few days to notice

Eamonnator

When I buy from CRC/Wiggle, I always pay with PayPal, does this make me more or less vulnerable?

buffalo

Eamonnator wrote: »

When I buy from CRC/Wiggle, I always pay with PayPal, does this make me more or less vulnerable?

Less - there's no card stored on your account. The hacker would have to be able to access your PayPal account, which hopefully has a different password.

I've changed my Wiggle password, even though I haven't been affected so far (I use Paypal also to help guard against this sort of thing, and also so I don't have to update my card details on 34095 different sites).

Large bottle small glass

Eamonnator wrote: »

When I buy from CRC/Wiggle, I always pay with PayPal, does this make me more or less vulnerable?

I can't answer that but I wouldn't let any retailer or ebay store my cc details (they may do anyway even when you tick the box not to).

Personally I would only use a credit card as over the years with two skimming incidents and a chargeback (when ebay were complete cnuts and my phone was never delivered) I've found there refund/fraud processes to be faultless.

Off topic but when retailers are acting the b0llix the "threat" of a chargeback is a very effective tool. I've only used in once, you probably don't want to be actually using it much

joey100

They had this issue about 2 weeks ago too. Same thing, people logging into others accounts, changing passwords and emails. They were very slow to acknowledge it then and the fact it's still happening up to a week or so ago is not a good sign.

CantGetNoSleep

Yeah could have prevented a lot of it then by emailing all customers to say to change passwords.

DrZeuss

While I wasn't affected by the hack, I did place an order on 5th July that I was expecting. Checked the status and it was cancelled :mad:

Got onto their live chat, couldn't tell me anything other than it was cancelled and that someone from their team would be onto me within 24 hours.

So tinfoil hat on and a quick google brought up a few articles on the possible hack. Very poorly communicated and not even an email to say the order was cancelled. Luckily I don't store CC info on the likes of these sites as a precaution.

-edit to add the order was with CRC not Wiggle